LogoRegulatory Alerts
2025-03-28

Extension of Cybersecurity and Cyber Resilience Framework Compliance Timelines for SEBI Regulated Entities

The Securities and Exchange Board of India (SEBI) has extended the compliance deadline for the Cybersecurity and Cyber Resilience Framework (CSCRF) by three months to June 30, 2025. This extension applies to all SEBI Regulated Entities, excluding Market Infrastructure Institutions, KYC Registration Agencies, and Qualified Registrars to an Issue and Share Transfer Agents. Stock Exchanges and Depositories are directed to disseminate these provisions to their members and participants immediately.

Securities and Exchange Board of India logo

India

Securities and Exchange Board of India

Click to view thumbnail

Page 1 of 3 परिपत्र / CIRCULAR SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2025/45 March 28, 2025 To, All Alternative Investment Funds (AIFs) All Bankers to an Issue (BTI) and Self-Certified Syndicate Banks (SCSBs) All Collective Investment Schemes (CIS) All Credit Rating Agencies (CRAs) All Custodians All Debenture Trustees (DTs) All Depositories All Designated Depository Participants (DDPs) All Depository Participants through Depositories All Investment Advisors (IAs) / Research Analysts (RAs) All KYC Registration Agencies (KRAs) All Merchant Bankers (MBs) All Mutual Funds (MFs)/ Asset Management Companies (AMCs) All Portfolio Managers Association of Portfolio Managers in India (APMI) All Registrar to an Issue and Share Transfer Agents (RTAs) All Stock Brokers through Exchanges All Stock Exchanges All Venture Capital Funds (VCFs)

Page 2 of 3 Dear Sir / Madam, Subject: Extension towards Adoption and Implementation of Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)

  1. Recognising the need for robust cybersecurity measures and protection of data and IT infrastructure, Securities and Exchange Board of India (SEBI) has issued ‘Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)’ vide circular SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2024/113 dated August 20, 2024. Upon receipt of various queries from REs seeking clarification on the aforementioned circular, SEBI has also issued ‘Clarifications to Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities (REs)’ vide circular SEBI/HO/ ITD-1/ITD_CSC_EXT/P/CIR/2024/184 dated December 31, 2024.
  2. SEBI had received multiple requests for CSCRF compliance timelines extension to ensure ease of compliance for them. Therefore, it has been decided to extend the compliance timelines by three (3) months, i.e., till June 30, 2025 to all REs, except Market Infrastructure Institutions (MIIs), KYC Registration Agencies (KRAs), and Qualified Registrars to an Issue and Share Transfer Agents (QRTAs).
  3. Stock Exchanges/ Depositories are directed to: 3.1.Bring the provisions of this circulars to the notice of their members/ participants and also disseminate the same on their websites.
  4. The provisions of this Circular shall come into force with immediate effect.
  5. This circular is being issued in exercise of powers conferred under Section 11 (1) of the Securities and Exchange of India Act, 1992, to protect the interests of investors in securities and to promote the development of, and to regulate the securities market.
  6. This circular is issued with the approval of Competent Authority.

Page 3 of 3 7. This circular is available on SEBI website at www.sebi.gov.in under the category “Legal” and drop “Circulars”. भवदीय Yours faithfully, श्‍वेता बनर्जी Shweta Banerjee महाप्रबंधक General Manager दूिभाष / Phone: 022-26449509 ईमेल / Email: shwetas@sebi.gov.in

Share